|
881
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltr…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2023-4639
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
882
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject …
New
|
CWE-233
Improper Handling of Parameters
|
CVE-2023-1419
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
883
|
3.4 |
LOW
Adjacent
|
-
|
-
|
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for a…
New
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2023-0657
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
884
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se…
New
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2020-25720
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
885
|
- |
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through 1.4.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-52397
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
886
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-52416
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
887
|
- |
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0.
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-52415
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
888
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-52414
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
889
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection.This issue affects Airin Blog: from n/a through 1.6.1.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-52413
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
890
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-52412
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
